Project Settings
Many settings are also available at the Project level, allowing them to be configured for specific tenants on the server rather than globally. Only Super Admin users are allowed to edit Project settings.
Additional details are available in the full Project resource schema.
| Setting | Description | Default |
|---|---|---|
superAdmin | Users belonging to a Project with this flag are granted Super Admin access to the server. Multiple Projects can have this set. | false |
checkReferencesOnWrite | If true, the the server will reject any create or write operations to FHIR resources with a reference to a resource that does not exist. | false |
features | A list of optional features that are enabled for the project. Possible values are listed below. | |
defaultPatientAccessPolicy | The default AccessPolicy applied to all Patient Users invited to this Project. This is required to enable open patient registration. | |
link | Additional Projects whose contents should be accessible to users in the current Project. | |
defaultProfile | Resource profiles that will be added to resources written in the Project that do not specify a profile directly. This enables automatic custom resource validation. | |
setting | Arbitrary key-value pairs available to anyone in the Project, can be set by Project Admins. | |
secret | Key-value pairs similar to setting, that can only be read by Project Admins. These can be used to pass secrets to Bots | |
systemSetting | Server settings related to the Project: visible to anyone, but can only be set by Super Admins. | |
systemSecret | Key-value pairs that can only be accessed by Super Admins. |
Project feature flags
Medplum server exposes settings to control access to specific features on a per-Project basis. The available features are:
| Feature | Description |
|---|---|
bots | Project is allowed to create and run Bots |
cron | Can run Bots periodically on CRON timers |
email | Bots in this project can send emails |
google-auth-required | Google authentication is the only method allowed |
graphql-introspection | Allows potentially-expensive GraphQL schema introspection queries |
terminology | Enable full standards-compliant implementation for the ValueSet/$expand operation |
websocket-subscriptions | Allows setting up a Subscription over Websockets |
reference-lookups | Uses dedicated lookup tables for faster chained search |
transaction-bundles | Use strong database transaction isolation for transaction Bundles |
Project system settings
The supported options that can be specified by a Super Admin in Project.systemSetting:
| systemSetting | Type | Description | Default |
|---|---|---|---|
authRateLimit | integer | The maximum requests per minute allowed for authentication endpoints per IP address | 160 |
graphqlBatchedSearchSize | integer | For some GraphQL nested searches, the maximum number of searches to batch per SQL query | 0 |
graphqlMaxDepth | integer | The maximum allowed depth of a GraphQL query | 12 |
graphqlMaxSearches | integer | The maximum number of searches allowed in a GraphQL query | none |
legacyFhirJsonResponseFormat | boolean | If true, plain JSON formatting is incorrectly used instead of FHIR JSON for some responses with content type application/fhir+json | false |
rateLimit | integer | The maximum requests per minute allowed per IP address | 60000 |
searchOnReader | boolean | If true, FHIR search requests (except in batch requests) are served by the reader database pool if available | false |